Google to block sign-ins from embedded browser frameworks to counter Man In The Middle phishing attacks

By Digit NewsDesk | Published on 22 Apr 2019
Google to block sign-ins from embedded browser frameworks to counter Man In The Middle phishing attacks

Google will block all sign-ins done via embedded browser frameworks.

This is being done to counter Man In The Middle phishing attacks.

The change will be implemented from June 2019.


IBM Developer Contest

Take the quiz to test your coding skills and stand a chance to win exciting vouchers and prizes upto Rs.10000

Click here to know more

After announcing a slew of security features for G-suite, the company is now introducing a new change that is aimed at curbing Man In The Middle (MITM) phishing attacks. Adding a layer of protection to user sign-ins, the company will block logins that are done via embedded browser frameworks starting June this year. Google says it becomes difficult to detect whether it is an authentic sign-in by a user or a MITM phishing attack when embedded browser framework or when another automation platform is being used for authentication. Therefore, to help enhance user safety, it will block any sign-ins that occur via embedded browser frameworks.  

The new feature will add to the existing countermeasures Google has set in place like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges. One might have noticed a warning message showing up before visiting a dubious site or downloading an app that could be harmful. This is the Safe browsing feature that Google has in place to counter instances of malware or dubious scripts being installed on a user’s computer. Google could also soon add new features that disable sites from detecting users who are browsing in Incognito mode. 

While going Incognito while browsing the web takes care of cookies and some trackers, it is not a fool-proof method to remain anonymous online. some sites can detect when a user is browsing in incognito mode and track them to display subscription options or to register. However, Google is reportedly testing implementation of a Filesystem API flag in Chrome’s incognito mode with version 75 that is said to curb sites from following users who are in incognito mode. The API flag can be enabled by entering chrome://flags in the URL and finding the “Filesystem API in Incognito” flag. You can read more about this feature here

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry. Protection Status